{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f69fb803-e185-5736-a2da-191d8966a19a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4728cc63-bfa2-5a11-bd8d-834ed5698ced", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:629d1ac4-1a7b-5a8e-b0ae-52f49be6e851", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6faa2223-46e2-5266-8abb-49bbf242781c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6ef0d5d-a78b-5110-adf8-177579cc12d6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8a9a961-3a54-5f6d-b1f2-0464a82e164d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49797c40-2bb6-5ce7-8aac-aa84f8ed1999", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c707f341-cf3a-5860-b9b5-9c75109185b8", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1c4c897-63cc-53db-8d14-1cf2a3cf503b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a77035ce-a5fb-588b-8dfa-f9a11217f85e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d110a24-be85-5267-a3ec-0fbcff268a85", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3403f4c1-7e43-532c-8708-8515255dd48e", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f01b1917-0c33-5094-9623-6044ad1fa54d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d53e3730-96d3-5a12-9205-24b1f157d1c5", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32c1a42d-5cbd-5c24-99f3-4256c5109bb5", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:861a9986-aa24-5c90-9740-c4cfe6e54427", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46c2d0d8-586a-5e66-81c0-5e57935c7c0f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2269745d-0959-5cf0-976b-5b2e4c2b5ca7", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82ed1ab3-fa11-5e6a-bc63-6d2983cd4810", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58a12df6-0d4f-5ff0-a234-fb5ff48272f3", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d63ed970-2ad1-5b3d-9545-e235d826dc74", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e2a07cb-94b0-5236-ac24-4165c51a6178", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef2014f0-efc9-572d-aad7-2ad31bfeb2d2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3d244b6-33f6-5b56-8521-aedaadd7eac9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa6123a1-bd6f-53ff-b191-cdd9bbfa385f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4570826f-3cf6-5020-8180-3c663aa491a7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e690fe1-e3f5-5275-b916-97c4c7567a4b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc00fb11-c993-5f9f-b804-551eee552ba2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe61a579-17a4-59f1-8805-2e34388d33b3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:540af212-5325-5e38-8a9d-aa82cdd2c293", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c97e4fa-2ade-5a63-b360-7fbef1471e79", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c22d44c-664e-5956-9ffb-ed5f10d25196", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c415c30-6dea-5bbd-aaf9-b7558c71e3e4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:794c1dfb-4ed7-54d0-aad7-6221a47a909a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c44e6a03-6862-5b39-b108-ec85eecdb8a8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa1959c9-15a1-5a3b-bdf6-d3dfe6fde31d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98673eef-ca93-5c6b-866f-240e33c86894", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b88e302b-8703-5c36-8b00-37f3b5d3a1fe", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5d3d6f3-2560-5d00-9280-dba8ed4676f6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9fab178-d5c5-5f32-8c1c-71efcf69d8a4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:900ad714-c2f6-5505-9028-a07740d6ed59", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d16ea2a-d8ec-5be9-af9e-5145dd09123b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7eb90db-1826-5433-9347-17c33e04af72", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6bed75a-7895-5113-b933-eb89b42fc176", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.2.13.RELEASE-tuxcare.2" } ] }